From 9878d1ac63682ba58ace4cbe8b1878fa77c58acb Mon Sep 17 00:00:00 2001
From: Lucien A <lu.aubert84@gmail.com>
Date: Wed, 11 Mar 2020 08:46:03 +0100
Subject: Fix CSP issue on WebFinger service (#2541)

* Fix CSP issue on WebFinger service

WebFinger RFC states that CSP should allow any origin to access WebFinger resources.

* Update webfinger.ts
---
 server/controllers/webfinger.ts | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'server/controllers')

diff --git a/server/controllers/webfinger.ts b/server/controllers/webfinger.ts
index 77c851880..5c308d9ad 100644
--- a/server/controllers/webfinger.ts
+++ b/server/controllers/webfinger.ts
@@ -1,9 +1,12 @@
+import * as cors from 'cors'
 import * as express from 'express'
 import { asyncMiddleware } from '../middlewares'
 import { webfingerValidator } from '../middlewares/validators'
 
 const webfingerRouter = express.Router()
 
+webfingerRouter.use(cors())
+
 webfingerRouter.get('/.well-known/webfinger',
   asyncMiddleware(webfingerValidator),
   webfingerController
-- 
cgit v1.2.3